A Security Infrastructure for Trusted Devices

Transcription

1 Infrastructure () A Security Infrastructure for Trusted Devices Mahalingam Ramkumar Mississippi State University, MS Nasir Memon Polytechnic University, Brooklyn, NY January 31, 2005

2 Infrastructure () 1 Trusted Devices Renewal KDS Requirements 2 Random Key Pre-distribution Schemes 3 Infrastructure ()

3 Infrastructure () Emerging Models of Trust Trusted Devices Renewal KDS Requirements Paradigm shift in the model of trust in emerging applications Conventional applications - Client-server applications End users are trusted Trusted not to reveal passwords, private keys In theory, compromise of user A s secrets should not affect other users Pervasive / ubiquitous computing, ad hoc networks, DRM devices need to be trusted to behave in a responsible fashion not the owners or operators. How do we trust devices? More appropriately, how do devices trust each other?

4 Trusted Devices Outline Infrastructure () Trusted Devices Renewal KDS Requirements Devices play by the rules Compliance to established rules. How? Trusted devices provided with secrets Secrets serve as a hook for compliance Verify compliance before providing secrets Verification of (possession of) secrets = verification of compliance Mechanism to distribute and establish possession of secrets - key distribution scheme (KDS)

5 Infrastructure () Trusted Devices Renewal KDS Requirements Tamper Resistance and Read Proofness Even owners of the devices should not have access to the secrets Devices are trusted not to reveal their secrets! Both tamper resistance and read-proofness are mandatory Tamper resistance - guarantees that components that guarantee compliance cannot be modified after a device is provided with secrets Read proofness - guarantees that secrets from a compliant device cannot be transferred to a non-compliant device

6 Renewability Outline Infrastructure () Trusted Devices Renewal KDS Requirements Technology for tamper-resistance is expected to improve (necessity is the mother of invention!) Yet perfect tamper resistance / read proofing may never be achievable Need to renew secrets periodically

7 Infrastructure () Safe Renewal of Secrets Trusted Devices Renewal KDS Requirements Secrets originally assigned by the manufacturer Take the device back to the manufacturer every time for renewal? - not practical Renewal has to occur over open channels (Internet?) Devices will authenticate themselves using old secrets to receive new secrets If old secrets in a device have been compromised, what prevents an attacker from getting new secrets? Need an additional secret that cannot be compromised by tampering. No, password is not sufficient.

8 Infrastructure () Trusted Devices Renewal KDS Requirements Circuit-Delay Based Authentication B. Gassend, D. Clarke, M. van Dijk, S. Devadas, Delay-based Circuit Authentication and Applications, Proceedings of the 2003 ACM symposium on Applied Computing, Melbourne, Florida, pp , Uncontrollable delays unique to each chip can serve as a signature Not exposable by tampering Sensitive to environmental variations - could be compensated Possibly weak secret

9 Safe Renewal Outline Infrastructure () Trusted Devices Renewal KDS Requirements Assumptions 1 The existence of a weak secret which cannot be exposed by tampering. 2 The only way to obtain secrets from a device A is by tampering with the device A. 3 Devices that are tampered with are rendered unusable in the future. Safe renewal is feasible! The key renewal process (protocol) can de set up such that each brute force attempt would need TA s involvement!

10 Infrastructure () KDS Requirements Trusted Devices Renewal KDS Requirements Extremely large scale (billions of devices) Support ad hoc interactions (no Kerberos) Light on resources (possibly no asymmetric crypto) Interoperability - different vendors Renewability Multicast security?

11 What is KPD? Outline Infrastructure () Random KPD An (offline) TA and N nodes with unique IDs TA chooses P secrets R Node A is pre-loaded with k secrets S A = F (R, ID A ) Node B is pre-loaded with k secrets S B = F (R, ID B ) Nodes A and B can discover shared secret K AB = G(ID B, S A ) = G(ID A, S B ) Only nodes A and B can discover K AB

12 n-secure KPD Outline Infrastructure () Random KPD Pre-loaded keys in different nodes are not independent A finite number of other nodes can be compromised to reveal K AB n-secure KPD resists compromises of up to n nodes KPDs are tradeoffs between security and complexity Large n large k Different mechanisms of trade-off Efficient KPD schemes k = O(n)

13 Infrastructure () Extents of Compromise Random KPD Attacker pools keys from many node with the purpose of determining shares secret between Two nodes i and j (Attack 1) Node i and TA (Attack 2) All P secrets (Attack 3)

14 Infrastructure () Classes of KPDs Random KPD Deterministic KPDs based in finite field arithmetic (Blom, Matsuhito) Attacks 1,2,3 have the same complexity Subset intersection schemes (matrix, Mitch, Dyer, Erdos et al) Attacks 1 to 3 increasingly complex Random KPDs - provide only probabilistic guarantees For example, n-secure with probability of failure Most random KPDs are based on subset intersection Exception - Leighton and Micali (Scheme II) Attacks 1 to 3 increasingly complex

15 Infrastructure () Random KPD Probababilistic Guarantees are Good Enough! Even for determinsitic schemes the final shared secret has a finite number of bits What is the probability that an attacker can guess a 64-bit key? - more than Probabilistic guarantees are not bad as long as the probability of failure is small

16 Random KPDs Outline Infrastructure () Random KPD Two basic types Leighton and Micali (scheme III) - based on repeated hashing of preloaded keys Random preloaded subsets (RPS) - a slight modification of subset intersection schemes TA has P keys, each node is given a subset of k keys In SI schemes the allocation is done in a deterministic fashion In RPS it is done either randomly (Eschenauer-Gligor, Chan-Perrig-Song, Liu-Ning) or psuedo-randomly (Pietro-Mancini-Mei, Ramkumar-Memon) Former methods need bandwidth overhead to determine share keys - psuedo-random methods provide an elegant solution by using a one-way function of node ID

17 Infrastructure () Random KPD HAshed Random Preloaded Subsets Defined by three parameters, P, k, L TA chooses P secrets Each node gets a subset of the secrets (randomized by node ID) The preloaded keys are hashed repeatedly - a variable number of times Hash depths uniformly distributed between 1 and L (randomized by node ID) Shared secret based on maximum hash depths of the shared keys

18 Infrastructure (), RPS and LM Random KPD is a generalization of RPS and LM LM is with P = k RPS is with L = 0

19 Infrastructure () Illustration of Random KPD

20 Infrastructure () Summary of Properties Random KPD Efficient, k = O(n) RPS, k = O(n), LM, k = O(n 3 ) RPS - k = e log(p)n, - k = e log(p)n Theoretically, not possible to do better than O(n) Different threat models How difficult is it to fool another node? (Attack 1) To fool the TA? (Attack 2) All random KPDs provide more resistance to Attack 2 (which is good) does better than other random KPDs against Attack 1 And does very much better (by 2 orders of magnitude) against Attack 2. Safe renewal with KPDs - need additional unique key or high resistance to attack 2

21 And More! Outline Infrastructure () Random KPD Tree hierarchical extension (RPS - does not offer seperation of levels) Caters for seamless renewal The same preloaded secrets can also be used for Broadcast authentication - equivalent to signature schemes Targeted signatures / Designated verifiers... Broadcast encryption - an efficient solution for node revocation Discovery of group secrets Infrastructure

22 Infrastructure () vs PKI Feature 1 Deployment 2 Shared secret 3 Source Authentication 4 Non repudiation PKI 1 tree hierarchical deployment of CAs 2 exchanging signed public keys 3 encrypting with private key 4 source authentication 1 tree hierarchical deployment of TAs 2 exchanging unique IDs 3 appending key based MACs 4 source authentication with trusted devices

23 Infrastructure () vs PKI Feature 1 Revocation (1) 2 Revocation (2) 3 Automatic revocation 4 Seamless renewal 5 Broadcast Encryption 6 Choosing Public keys PKI 1 broadcasting revocation list 2 none 3 expiry of certificate 4 possible 5 not possible 6 not possible 1 broadcasting revocation list 2 broadcasting revocation secret 3 periodic renewal 4 possible with some loss of security 5 possible by TA and peers 6 possible